Commit b25e271b authored Jun 18, 2025 by Jacob Pan Committed by Alex Williamson Jul 11, 2025

vfio: Fix unbalanced vfio_df_close call in no-iommu mode

For devices with no-iommu enabled in IOMMUFD VFIO compat mode, the group open
path skips vfio_df_open(), leaving open_count at 0. This causes a warning in
vfio_assert_device_open(device) when vfio_df_close() is called during group
close.

The correct behavior is to skip only the IOMMUFD bind in the device open path
for no-iommu devices. Commit 6086efe7 omitted vfio_df_open(), which was
too broad. This patch restores the previous behavior, ensuring
the vfio_df_open is called in the group open path.

Fixes: 6086efe7 ("vfio-iommufd: Move noiommu compat validation out of vfio_iommufd_bind()")
Suggested-by: Alex Williamson <alex.williamson@redhat.com>
Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Jacob Pan <jacob.pan@linux.microsoft.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20250618234618.1910456-1-jacob.pan@linux.microsoft.com

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

parent d7b8f8e2

drivers/vfio/group.c

+3 −4

Original line number	Diff line number	Diff line
		@@ -192,12 +192,11 @@ static int vfio_df_group_open(struct vfio_device_file *df)
		* implies they expected translation to exist
		*/
		if (!capable(CAP_SYS_RAWIO) \|\|
		vfio_iommufd_device_has_compat_ioas(device, df->iommufd))
		vfio_iommufd_device_has_compat_ioas(device, df->iommufd)) {
		ret = -EPERM;
		else
		ret = 0;
		goto out_put_kvm;
		}
		}

		ret = vfio_df_open(df);
		if (ret)

+4 −0

Original line number	Diff line number	Diff line
		@@ -25,6 +25,10 @@ int vfio_df_iommufd_bind(struct vfio_device_file *df)

		lockdep_assert_held(&vdev->dev_set->lock);

		/* Returns 0 to permit device opening under noiommu mode */
		if (vfio_device_is_noiommu(vdev))
		return 0;

		return vdev->ops->bind_iommufd(vdev, ictx, &df->devid);
		}